Commit Graph

4350 Commits (befe224c58a3e898e6fbd157843d8122c09d0b06)

Author SHA1 Message Date
KINGSABRI 4cb19c75a6 Enhance the module and add version check 2016-01-21 03:19:31 +03:00
wchen-r7 fcaef76215 Do a version check
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
nixawk ad107a2d1c Show - No Auth Required - Just Once 2016-01-19 08:29:33 +08:00
nixawk 0b78406d29 clear Metasploit::Framework::LoginScanner::REDIS.new 2016-01-16 13:12:04 +08:00
nixawk b2983e1ee7 replace #{rhost}: #{rport} with #{peer} 2016-01-16 13:05:35 +08:00
nixawk 2abaca3f6b include Msf::Auxiliary::Redis / Remove default RPORT option 2016-01-16 12:58:02 +08:00
Karim Reda Fakhir d5dd5d55a6 modified: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
modified:   modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 11:06:26 +00:00
Fakhir Karim Reda aae86d8bc0 new file: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-14 00:12:55 +00:00
Fakhir Karim Reda 01b8302db1 delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-13 23:19:35 +00:00
Karim Reda Fakhir 8b03b719e8 Adding auxialiary modules :
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
Jonathan Harms 5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
Tyler Bennett c245e64239 added peer to each print statement and rex table 2016-01-06 13:22:30 -05:00
wchen-r7 6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
nixawk a54a7aeb02 redis only need password for authentication 2016-01-06 17:05:49 +08:00
wchen-r7 bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
Jon Hart d626d7f0c9
Land #6416, @all3g's rewrite/improvements to redis_server 2016-01-05 19:02:26 -08:00
Jon Hart 90ea88e5ba
Make command used configurable 2016-01-05 16:23:10 -08:00
Jon Hart 3ccdd12ecb
Put peer first in all prints 2016-01-05 16:09:50 -08:00
Jon Hart 1d997234cb
Remove unnecessary degistering of RHOST 2016-01-05 16:08:18 -08:00
Tyler Bennett aa2922e6c3 added in verbose mode for ddns and fixed report_email_creds issue 2016-01-05 14:54:48 -05:00
nixawk 8a76bbafff Add peer to vprint_error 2016-01-06 01:51:23 +08:00
Jon Hart eef154420b This is a scanner, so vprint things that occur frequently 2016-01-05 09:06:36 -08:00
Jon Hart 63324bd77d Rescue correct exceptions 2016-01-05 09:05:32 -08:00
Jon Hart 1b48556456 Use cleaner hash syntax 2016-01-05 09:05:32 -08:00
nixawk 9714923824 ensure disconnect / remove self.class from register_options 2016-01-06 00:54:54 +08:00
William Vu 6cb9ad0d72
Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk cbbbd9a7e7 end is not aligned with def 2016-01-05 14:07:43 +08:00
nixawk 20cd156047 replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server 2016-01-05 13:14:40 +08:00
William Vu 3990c021c2
Land #6318, updates for ssh_identify_pubkeys 2016-01-04 13:27:38 -06:00
William Vu 6f01df3f79 Clean up module 2016-01-04 13:26:03 -06:00
William Vu 58c047200d
Land #6305, creds update for owa_login 2016-01-04 10:52:39 -06:00
nixawk a6914df3e3 rename LOGIN_URL to TARGETURI 2015-12-31 22:21:34 +08:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
nixawk a929dc0e35 add redis_login 2015-12-30 18:54:25 +08:00
Brendan Coles 47261c27d4 Add EasyCafe Server Remote File Access module 2015-12-27 12:00:50 +00:00
Brent Cook e23b5c5435
Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:23 -08:00
Jon Hart c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb 2015-12-24 07:44:36 -08:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Brent Cook 0c0219d7b7
Land #6357, cleanup redis rdbcompression options 2015-12-17 10:45:11 -06:00
Jon Hart f3ac8a2cc0
Land #6360, @pyllyukko's reference cleanup for ipmi_dumphashes 2015-12-16 22:03:40 -08:00
Jon Hart 865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way 2015-12-16 11:20:13 -08:00
Jon Hart f616ee14a8
Dont abort if compression can't be disabled 2015-12-16 11:11:00 -08:00
Jon Hart 12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION 2015-12-16 11:07:27 -08:00
pyllyukko d110c6cc73
Added few references to ipmi_dumphashes 2015-12-16 13:36:37 +02:00
nixawk 342ce05ff7 add a DISABLE_RDBCOMPRESSION option for redis file_upload 2015-12-16 04:28:52 +00:00
Tyler Bennett 5bb8dbcafc added peer to users table 2015-12-15 16:45:45 -05:00
Tyler Bennett 797bd9e04d added peer to each table and added each users groups to the users table 2015-12-15 16:31:25 -05:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Tyler Bennett bda6c940cf fixed issues with printing of tables and cleaned up output a bit removed unecessary prints 2015-12-14 16:23:18 -05:00
Jon Hart e448bc3e27
If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart 19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Vex Woo dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Tyler Bennett c000e590d4 verified table values are correctly typed as Strs, but it still fails to print the tables 2015-12-10 15:51:59 -05:00
Jon Hart 555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 48a27170c2
Document process better, delete correct key 2015-12-10 09:13:13 -08:00
Jon Hart d2f54af23f
Reset the dir and dbfilename back to their original settings 2015-12-10 08:56:24 -08:00
Jon Hart 21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
nixawk 0d8fc78257 make code more clear 2015-12-10 15:13:50 +00:00
nixawk 42013c18ba add a password option - AUTH_KEY 2015-12-10 08:24:47 +00:00
nixawk 28bc5b4d4f move it from exploit to auxiliary 2015-12-10 08:23:38 +00:00
Jon Hart 4cc7853ad8
Don't run_host unless check returns vulnerable; report_service 2015-12-09 18:33:40 -08:00
Jon Hart 624e5aeffa
First pass at converting redis module to aux; style cleanup 2015-12-09 17:59:48 -08:00
Tyler Bennett c2ef7be217 cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it 2015-12-09 17:49:38 -05:00
Tyler Bennett e574c844de added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table 2015-12-08 18:19:30 -05:00
Tyler Bennett 48cd350711 updated authors list with contributors 2015-12-08 16:29:00 -05:00
Tyler Bennett 92d56cd050 cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels 2015-12-08 16:24:47 -05:00
Tyler Bennett 75e31c252e added rex table for nas settings, still working on users and hashes rex table 2015-12-07 14:48:28 -05:00
Tyler Bennett 3d892bd1d6 added rex table for grab_email func instead of printing out values 2015-12-07 10:37:36 -05:00
Tyler Bennett 069a50e1b8 Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
Stuart Morgan ca023b6499 Simplified do_report() to comply with msftidy 2015-12-05 23:27:28 +00:00
Stuart Morgan 4f1f755c1d msftidy 2015-12-05 22:49:40 +00:00
Stuart Morgan 4469e9b5ef Finalised module 2015-12-05 22:45:08 +00:00
Stuart Morgan bd1bf4aa72 Initial test, fixed noteswq 2015-12-05 21:19:34 +00:00
Stuart Morgan 09c58e4097 Massive rework of the storage/notes/reporting 2015-12-05 21:18:29 +00:00
Stuart Morgan 1101edbcd3 argh, forgot the comma! 2015-12-05 16:24:10 +00:00
Stuart Morgan 28202745ab Removed EOL spaces (msftidy) 2015-12-05 15:33:04 +00:00
Stuart Morgan 12561e5cf9 Add delay/jitter to xmas scan 2015-12-05 15:32:47 +00:00
Stuart Morgan e190dcb61a Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_delay_jitter_to_scan 2015-12-05 15:25:11 +00:00
Stuart Morgan 5965867fdc Added 'milliseconds' unit description to JITTER parameter for clarity 2015-12-05 15:23:31 +00:00
Stuart Morgan a46031a85c Added delay/jitter to syn scan 2015-12-05 15:23:00 +00:00
Stuart Morgan 40d3ebbc94 Added delay/jitter to ftpbounce scan 2015-12-05 15:22:52 +00:00
Stuart Morgan 33563129c1 Added delay/jitter to ACK 2015-12-05 15:22:41 +00:00
Stuart Morgan efa2f5aa1c Added delay/jitter feature to ACK scan 2015-12-05 15:14:22 +00:00
Stuart Morgan 0e96a71232 Update 2015-12-05 15:12:40 +00:00
Stuart Morgan cc770ab120 Removed unneeded comments 2015-12-05 14:59:33 +00:00
Stuart Morgan 734cb128e0 Changed jitter to be absolute, not relative, and put threads option back in 2015-12-05 14:57:47 +00:00
Stuart Morgan ba13b88aad Apparently rand(2) will give you 0 and 1....rand(1) exclusively gives 0. Must read the man pages more.... 2015-12-05 14:25:30 +00:00
Stuart Morgan d5e433df87 Removed THREADS option because it isn't used, and added DELAY and JITTER options 2015-12-05 14:23:33 +00:00
Tyler Bennett 385e5a9fe1 fixed more rubocop issues with the rex table for ddns 2015-12-04 15:28:01 -05:00
Tyler Bennett 4e0ab9b68f fixed ddns_creds import issue, by using rhost and commenting why it needs to be used 2015-12-04 15:10:02 -05:00
Tyler Bennett 6ce54f15ee added rex table for ddns func 2015-12-04 14:46:26 -05:00
Tyler Bennett 16e4d6a727 fixedd more rubocop errors, still needs work 2015-12-04 14:08:18 -05:00
Jon Hart 72f7efd042
Lots of style cleanup 2015-12-03 15:39:27 -08:00
Jon Hart 4b30a56f15
Add a few missing connects 2015-12-03 15:22:27 -08:00
Jon Hart 7346c528cd
Fix indentation 2015-12-03 15:21:06 -08:00
Jon Hart 6c31946995
Slightly simplify regex 2015-12-03 15:19:35 -08:00
Jon Hart 98096ab71c
Remove useless assignment 2015-12-03 15:16:54 -08:00
Jon Hart 504f6874f2
Convert to actions 2015-12-03 15:15:48 -08:00
Jon Hart 93cd3446db
Minor cleanup of some print_ lines 2015-12-03 15:01:27 -08:00
Jon Hart 753eddbbd6
Correct true/false for optional options, default values 2015-12-03 14:53:27 -08:00
Tyler Bennett 9d71ff6b9d cleaned up a few misc prints and added in logic if mailport is empty 2015-12-03 15:51:49 -05:00
Tyler Bennett 3d617efa88 added code to parse mailport from config 2015-12-03 15:36:08 -05:00
Tyler Bennett 0d89dde4a6 changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but its getting closer 2015-12-03 12:51:48 -05:00
r3naissance db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
Jon Hart fdbd3cfc11
Fix minor style problems, call check() from run_host 2015-12-02 15:46:35 -08:00
Tyler Bennett a8887e6b77 firts iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well 2015-12-02 16:33:09 -05:00
Tyler Bennett ca496a376f set username as a requirement and added note about randomly assinged password for user if not set 2015-12-02 14:16:36 -05:00
James Lee 98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
Tyler Bennett 36f48dc945 cleaned up required opts, only left needed vars to run the rest are optional based on user preference 2015-12-01 11:02:14 -05:00
Tyler Bennett 5e9a0ab3ff removed version var in initialize method 2015-12-01 10:57:16 -05:00
Tyler Bennett cb60b41d5d added in fixes and missing typos, randomized the password for the user 2015-12-01 10:43:58 -05:00
Kyle Gray bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
Land #6284, fix for false negatives found in #6281

@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Christian Mehlmauer 920d8c6ad7
Land #6278, wrong default option for RHOST 2015-11-26 06:49:25 +01:00
Jon Hart 8fd2522a59
Land #6257, @all3g's aux module for locating git repos over HTTP 2015-11-25 12:25:45 -08:00
Jon Hart a56571479f
Remove WmapScanServer mixin; not needed 2015-11-25 11:38:32 -08:00
William Vu 2da9bb8578 Follow redirects in apache_userdir_enum
Found false negatives while testing a server for #6281.
2015-11-25 13:27:06 -06:00
William Vu 8f459de064 Fix tomcat_enum for full_uri 2015-11-25 11:28:56 -06:00
William Vu 38a9efe4d6 Fix squiz_matrix_user_enum for full_uri 2015-11-25 11:28:53 -06:00
William Vu 7d17c5741b Fix nginx_source_disclosure for full_uri 2015-11-25 11:19:27 -06:00
William Vu 035882702a Fix barracuda_directory_traversal for full_uri 2015-11-25 11:18:17 -06:00
William Vu 7a5f6495d0 Fix axis_local_file_include for full_uri 2015-11-25 11:16:59 -06:00
William Vu 42d12a4d40 Fix apache_userdir_enum for full_uri 2015-11-25 11:16:22 -06:00
Waqas Ali c09d8031c6 Remove default empty string 2015-11-25 12:19:16 +05:00
Jon Hart eac4f02b66
Spelling and correct description 2015-11-24 17:57:56 -08:00
aushack 3ad7ef9814 Modify the printed URL to add https:// when SSL is used. 2015-11-25 12:46:56 +11:00
wchen-r7 b1abfe898d Update wordpress_xmlrpc_login
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Jon Hart ccdf814688
Use correct URIs in report_note 2015-11-24 09:52:07 -08:00
Jon Hart c66d56263a
Cleaner and more consistent print_ * 2015-11-24 09:43:05 -08:00
Jon Hart 1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with / 2015-11-24 09:11:04 -08:00
Jon Hart afa4d9e74d
Add legit git UserAgent 2015-11-24 08:57:19 -08:00
Jon Hart d59c563ee3
Don't store index file 2015-11-24 08:51:43 -08:00
Jon Hart e29a229336
Minor style cleanup 2015-11-24 08:50:21 -08:00
Waqas Ali 2152c310fe Remove the default true option of RHOST 2015-11-24 14:54:54 +05:00
Louis Sato 493e476a43
Land #6243, check nil for sock.read 2015-11-23 11:15:51 -06:00
Spencer McIntyre dc5e9a1d0a Support CSRF token in the Jenkins aux cmd module 2015-11-22 17:51:27 -05:00
nixawk 2dd8567741 remove GIT_HEAD / add description / git_config regex match / save index|config file(s) 2015-11-22 09:18:19 +00:00
aushack fc46ce0ced Bring module title in line with other WP modules. 2015-11-22 13:39:45 +11:00
nixawk e0386d6830 add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG 2015-11-21 03:06:37 +00:00
nixawk 1795e09a27 scan git disclosure (.git/index) 2015-11-19 09:16:32 +00:00
wchen-r7 0cda20c9e2 Fix everything pointed out by @jlee-r7 2015-11-18 12:02:28 -06:00
Tyler Bennett 5acd9b283e removed misc comments that arent needed 2015-11-18 11:54:32 -05:00
Tyler Bennett 3d95bd7851 fixed issue with msftidy and fixed rubocop issues that broke the module 2015-11-18 10:40:50 -05:00
Tyler Bennett e55ac99c12 fixed a bunch more rubocop errors 2015-11-17 14:30:33 -05:00
Tyler Bennett 6e4ccb46e5 knocked out a few more rubocop errors 2015-11-17 11:44:11 -05:00
Tyler Bennett 38c4e4ee6c added a few more rubocop fixes 2015-11-17 10:48:57 -05:00
Tyler Bennett f499b822cd added more rubocop fixes, still testing issue with RHOSTS 2015-11-17 10:30:50 -05:00
Tyler Bennett afd1e43226 added rubocop fixes 2015-11-17 09:41:12 -05:00
wchen-r7 17a1f2ee8a Fix #6242, Check nil for sock.read
Fix #6242
2015-11-16 14:24:46 -06:00
wchen-r7 f0da09090d
Land #6233, Konica Minolta FTP Utility 1.00 Directory Traversal 2015-11-16 13:55:29 -06:00
wchen-r7 740cacb4c0 Check nil 2015-11-16 13:54:36 -06:00
Tyler Bennett d677a8b871 Adding Dahua DVR auth bypass auxiliary scanner per CVE-2013-6117 2015-11-16 13:54:44 -05:00
William Vu 4401c6f1fd
Land #6178, rsync modules_list improvements 2015-11-13 10:46:24 -06:00
JT 44948a2ace Add konica_ftp_traversal.rb ( CVE-2015-7603 )
This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//
2015-11-13 07:51:42 +08:00
KINGSABRI ab71d94392 Make CHUNKSIZE user configurable. Thanks @jhart-r7 2015-11-12 23:02:48 +03:00
KINGSABRI 732563614b Change connecting method to send for better code naming 2015-11-12 20:26:17 +03:00
KINGSABRI 881b12f0ab Fix rebease conflic 2015-11-12 18:16:39 +03:00
KINGSABRI ee312f86f6 Fix peer, naming, and add resp check to the code check 2015-11-12 08:50:46 +03:00
KINGSABRI 530a7bb613 Fix peer, naming, and add resp check to the code check 2015-11-12 08:42:00 +03:00
KINGSABRI 2abfa1f241 Fix exceptions and XML parsing 2015-11-12 05:30:07 +03:00
William Vu e8dacf32fd
Land #6182, Heartbleed scanner improvements 2015-11-11 16:59:20 -06:00
William Vu ce3f9e2fab Fix minor style issues 2015-11-11 16:58:20 -06:00
wchen-r7 99607e6e4d
Land #6205, BisonWare BisonFTP Server Directory Traversal
CVE-2015-7602
2015-11-11 11:47:45 -06:00
wchen-r7 40bdd2bd01 Do module cleanup for auxiliary/scanner/ftp/bison_ftp_traversal 2015-11-11 11:46:37 -06:00
wchen-r7 c79a66be02
Land #6204, directory traversal for PCMan FTP server
CVE-2015-7601
2015-11-11 11:07:34 -06:00
wchen-r7 e6e5bde492 Do module cleanup for auxiliary/scanner/ftp/pcman_ftp_traversal 2015-11-11 11:06:54 -06:00
JT 75a0472db8 Update bison_ftp_traversal.rb
made some changes
2015-11-11 14:01:39 +08:00
JT 4716e2e16b Update pcman_ftp_traversal.rb
made some changes
2015-11-11 14:00:04 +08:00
KINGSABRI b37fb3f34d Add TARGETURI option 2015-11-11 06:25:20 +03:00
KINGSABRI cf0cb2df9e Add TARGETURI option 2015-11-11 06:24:52 +03:00
KINGSABRI 9894fe15bd Remove unused advanced options 2015-11-11 06:02:37 +03:00
KINGSABRI 136fa12ac9 Remove unused advanced options 2015-11-11 06:02:13 +03:00
KINGSABRI 57cf535ec6 Fix the comment 2015-11-11 02:06:49 +03:00
KINGSABRI 137c2e214e Fix the comment 2015-11-11 02:01:01 +03:00
KINGSABRI 91867d344b Refactoring.. 2015-11-10 23:07:13 +03:00
KINGSABRI d19942eae3 Add wordpress masive bruteforce using XMLRPC (wordpress API) fix 2015-11-10 23:07:12 +03:00
KINGSABRI 745738f065 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI b571a79b69 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI d498dc46a1 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI fffbb4106f Refactoring.. 2015-11-10 22:33:37 +03:00
Jon Hart 8f86b2519f
Resolve 'duplicate key warning' for some modules 2015-11-09 18:40:32 -08:00
KINGSABRI 46e7c53950 Add wordpress masive bruteforce using XMLRPC (wordpress API) fix 2015-11-09 19:04:33 +03:00
KINGSABRI 2bf57a3cf3 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 18:23:15 +03:00
KINGSABRI 9586f416a1 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:37:06 +03:00
KINGSABRI 9f4f478d2d Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:28:58 +03:00
JT e019aa12a0 Update pcman_ftp_traversal.rb 2015-11-08 13:40:23 +08:00
JT f60f2336e3 Update bison_ftp_traversal.rb 2015-11-08 13:39:32 +08:00
JT be85e85d40 Create bison_ftp_traversal.rb 2015-11-08 13:34:10 +08:00
JT bb78025dde Update pcman_ftp_traversal.rb 2015-11-08 13:27:45 +08:00
JT bf362be0a4 Update pcman_ftp_traversal.rb 2015-11-08 13:17:57 +08:00
JT bb9e820372 Create pcman_ftp_traversal.rb
Adding CVE-2015-7601
2015-11-08 13:08:23 +08:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
Jon Hart f408bca3f0
More correct exception handling 2015-11-06 12:25:27 -08:00
Jon Hart f84e9a88b0
Credit for original vuln discovery 2015-11-06 10:40:07 -08:00
Jon Hart 1473f2cfa7
More consistent printing 2015-11-06 10:03:06 -08:00
Jon Hart 7101ff2ecc
Better handling of motd printing 2015-11-06 09:52:12 -08:00
Jon Hart 55e224b7e7
Improve auth handling 2015-11-06 09:50:39 -08:00
Jon Hart fc97266588
Handle errors more carefully 2015-11-06 09:44:05 -08:00
Jon Hart d3ebb8ae93
Style cleanup of auth checking 2015-11-06 08:34:17 -08:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
Jon Hart e96596e8eb
Credit Nixawk/all3g for some of the module review/improvements/ideas
From:
  https://github.com/rapid7/metasploit-framework/pull/6191
  https://github.com/jhart-r7/metasploit-framework/pull/5
2015-11-05 09:22:30 -08:00
Jon Hart 0ae2e64bc5
Only mark rsync as req'ing auth true/false if we are sure, otherwise vprint and unknown 2015-11-05 09:20:02 -08:00
Jon Hart f1a79bd207
Make motd printing optional, off by default 2015-11-04 10:11:00 -08:00
Jon Hart 8f497faa09
Make read timeout configurable and shorter by default
This makes the time spent handling motd almost a non-issue
2015-11-04 10:01:38 -08:00
Jon Hart 3528bb2fa7
Remove optional motd handling; this is always necessary
without it, detecting authentication on systems w/ a motd does not work
2015-11-04 09:43:10 -08:00
Jon Hart 0d3232f93a
break if we get the rsync exit 2015-11-04 09:12:02 -08:00
Jon Hart ba5a8e4806
style 2015-11-04 09:11:07 -08:00
Jon Hart 2cab70294e
sprinkle in peer 2015-11-04 09:05:33 -08:00
Jon Hart 9bcdd19e0a
Correct table 2015-11-04 09:01:07 -08:00
Jon Hart 8f4f187c70
More usable format for module metadata in notes 2015-11-04 08:47:37 -08:00
Jon Hart b7ccee949e
Improve name and description; update authors 2015-11-04 08:42:29 -08:00
Jon Hart c0993c3797
Appease rubocop
You have 20 seconds to comply
2015-11-04 08:28:35 -08:00
Jon Hart c265a371d8
Make testing the rsync module for authentication optional,
but on by default
2015-11-04 08:25:38 -08:00
Tom Spencer 557dffd8d2 Fixed extra space at end of line 2015-11-02 21:50:39 -08:00
Tom Spencer 4d97e33bc5 Dramatic speed-up in bleeding, improved verbose output of leaked data. 2015-11-02 16:07:21 -08:00
Jon Hart dd91956c4a
ooops, puts 2015-11-02 15:07:26 -08:00
Jon Hart de959ed62b
Remove actions; check and run_* will suffice 2015-11-02 13:54:42 -08:00
Jon Hart 1c3e4d2cbf
Refactor to use Scanner; add check; add beginnings of actions 2015-11-02 13:39:09 -08:00
Jon Hart ced20ba51c
Refactor NTP symmetric packet creation; add vuln detection to NAK to the future 2015-11-02 12:46:58 -08:00
Jon Hart 17c4aa2348
Fill in description; style 2015-11-02 12:18:35 -08:00
Jon Hart 8fb0596888
Add more refs 2015-11-02 12:07:18 -08:00
Jon Hart 3c92b109d7
Don't wait for motd when testing for auth 2015-11-02 10:49:48 -08:00
Jon Hart 6c0034fba6
get_once for negotiation and trailing motd_lines
This feels hacky.
2015-11-02 09:32:54 -08:00
Jon Hart a120dd1ea9
Return nil when no motd lines 2015-11-02 09:18:10 -08:00
Jon Hart 962cf77873
Not all modules have comments 2015-11-02 09:14:41 -08:00
Jon Hart 4effd3aa81
Handle case where motd comes after negotiation 2015-11-02 09:12:57 -08:00
Jon Hart d18b6ff9cd
More doc, error handling 2015-10-30 13:13:44 -07:00
Jon Hart ff1d0709e0
vprint if the thing isn't rsync 2015-10-30 12:39:06 -07:00
Jon Hart eb99aaa216
Print out modules before building/reporting table 2015-10-30 09:49:07 -07:00
Jon Hart 86b48490f0
Merge branch 'master' into poc/rsunk 2015-10-30 09:42:41 -07:00
Jon Hart b5d0804442 Detect if an rsync module requires authentication 2015-10-27 18:15:18 -07:00
Jon Hart 4a3848cc4f Handle rsync motd 2015-10-27 18:15:18 -07:00
Jon Hart 73a6b47606 Split out negotiation and listing 2015-10-27 18:15:18 -07:00
Jon Hart 6dd40ec063 Better reporting 2015-10-27 18:15:18 -07:00
Jon Hart caf848ddf4 Store table better 2015-10-27 18:15:18 -07:00
Jon Hart 3e7f7f2eec Remove unnecessary table options, as these are the default 2015-10-27 18:15:18 -07:00
Jon Hart 4f468dbcd7 Usability improvements for rsync modules_list 2015-10-27 18:15:18 -07:00
Jon Hart 6781dfa6ee Style cleanup for rsync modules_list 2015-10-27 18:15:18 -07:00
Jon Hart 78ad9908d2 Doc 2015-10-27 18:10:18 -07:00
Jon Hart f2b6d37630 Add WIP module for Cisco Talos' NTP 'NAK to the future' 2015-10-27 18:10:07 -07:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
William Vu f00f90532a Fix SSH_DEBUG for ssh_login{,_pubkey} 2015-10-22 15:14:45 -05:00
William Vu 88159edf9f Fix double raise in vnc_none_auth
Not necessary for what it's trying to accomplish, being a scanner.
2015-10-19 18:22:06 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
wchen-r7 896099b297
Land #6082, Directory Traversal for Elasticsearch 2015-10-16 11:00:27 -05:00
wchen-r7 e59a4e36b7 Fix check 2015-10-16 10:59:04 -05:00
Roberto Soares 41e9f8a91b Some code changes from Roberto 2015-10-16 10:47:19 -05:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 d4cf9a4eb9
Update moduels using Msf::HTTP::Typo3 2015-10-15 11:48:27 -05:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
jaguasch d933962ff9 Last fix, including espreto minor changes 2015-10-13 18:41:51 +01:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jaguasch 772f9d8742 Changes based on espreto recommendations 2015-10-13 16:06:26 +01:00
jaguasch 7790f14af2 Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1 2015-10-13 13:05:58 +01:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
jvazquez-r7 ed0b9b0721
Land #6072, @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace 2015-10-10 00:24:12 -05:00
HD Moore cd2e9d4232 Move Msf::Java to the normal Msf::Exploit::Remote namespace 2015-10-09 13:24:34 -07:00
William Vu b95d5790f6 Improve output 2015-10-09 11:13:50 -05:00
William Vu 6d2a89e9a6 Be more descriptive about EOFError
There are other modules that could be updated, surely.
2015-10-09 11:05:17 -05:00
jvazquez-r7 5fab1cc71a
Add loop timeout 2015-10-09 11:05:05 -05:00
wchen-r7 3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download 2015-10-07 15:24:14 -05:00
wchen-r7 f0b6d3c68e Change error message to avoid an undef method bug 2015-10-07 15:23:29 -05:00
wchen-r7 a2c9e2549d
Land #6014, support TCP advanced options for loginscanner mods 2015-10-07 14:26:25 -05:00
JT 205b175a95 Update host_header_injection.rb 2015-10-07 13:20:06 +08:00
JT 6b3da7f7d8 Update host_header_injection.rb
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT a1e0e0cdd9 Add HTTP Host-Header Injection Detection 2015-10-07 11:19:00 +08:00
wchen-r7 5fac0a6ae5
Land #5995, advanced options on Metasploit::Framework::LoginScanner::SMB 2015-10-06 16:36:18 -05:00
William Vu 3f2d5d7f06 Add newline back in 2015-10-05 11:42:58 -05:00
xistence 41b07eeef6 Small changes to servicedesk_plus_traversal 2015-10-05 08:56:00 +07:00
Roberto Soares ed8f5456a4 Fix bugs in drupal_views_user_enum. 2015-10-04 05:53:54 -03:00
xistence e6a57d5317 Add ManageEngine ServiceDesk Plus Path Traversal module 2015-10-03 15:54:44 +07:00
William Vu 2ab779ad3d
Land #6010, capture_sendto fixes 2015-10-01 10:54:24 -05:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 494b9cf75f Clean up module
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
Jake Yamaki 2e5999a119 Missed colon for output standardization 2015-09-30 16:41:46 -04:00
Jake Yamaki 3d41b4046c Standardize output and include full uri 2015-09-30 16:33:15 -04:00
Jake Yamaki 1bfa087518 Add IP to testing results
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
jvazquez-r7 269641a0ff
Update vmauthd_login to have into account advanced TCP options 2015-09-28 14:38:35 -05:00
jvazquez-r7 2f46335c90
Update brocade_enbale_login to have into account advanced TCP options 2015-09-28 14:36:23 -05:00
jvazquez-r7 adb76a9223
Update telnet_login to have into account advanced TCP options 2015-09-28 14:35:58 -05:00
jvazquez-r7 0eed30ce05
Update pop3_login to have into account advanced TCP options 2015-09-28 14:29:50 -05:00
jvazquez-r7 d02193aaeb
Update mysql_login to have into account advanced TCP options 2015-09-28 14:28:32 -05:00
jvazquez-r7 0abb387c1a Update mssql_login to have into account advanced TCP options 2015-09-28 14:22:19 -05:00
jvazquez-r7 df3e4e8afd
Update ftp_login to have into account advanced TCP options 2015-09-28 14:18:05 -05:00
jvazquez-r7 a99e44b43a
Update vnc_login to have into account advanced TCP options 2015-09-28 14:13:08 -05:00
jvazquez-r7 4d8f0a6ec4
Update db2_auth to have into account advanced Tcp options 2015-09-28 14:10:55 -05:00
jvazquez-r7 07b44fccb9
Update AFP login scanner to have into account advanced options 2015-09-28 14:03:55 -05:00
jvazquez-r7 1e4e5c5bae
Update ACPP login scanner to have into account advanced options 2015-09-28 13:50:20 -05:00
Jon Hart 7ad7db7442
Fix #6008 for rogue_send. Correctly. 2015-09-27 14:48:58 -07:00
Jon Hart 06a10e136a
Fix #6008 for rogue_send 2015-09-27 14:12:23 -07:00
Jon Hart d3a41323b8
Fix #6008 for ipidseq.rb 2015-09-27 14:05:05 -07:00
Jon Hart 5b1ee8c8ca
Fix #6008 for syn.rb 2015-09-27 13:54:11 -07:00
Jon Hart 3888b793bd
Fix #6008 for ack.rb 2015-09-27 13:53:47 -07:00
Jon Hart 766829c939
Fix #6008 for xmas.rb 2015-09-27 13:46:00 -07:00
jvazquez-r7 2b7ffdc312
Use datastore advanced options used by smb_login 2015-09-21 17:48:05 -05:00
jvazquez-r7 adab9f9548
Do final cleanup 2015-09-16 20:59:32 -05:00
jvazquez-r7 4d0d806e1d
Do minor cleanup 2015-09-16 19:30:40 -05:00
jvazquez-r7 46168e816b Merge for retab 2015-09-16 17:13:08 -05:00
jvazquez-r7 688a5c9123
Land #5972, @xistence's portmapper amplification scanner 2015-09-16 14:58:19 -05:00
jvazquez-r7 8ae884c1fc Do code cleanup 2015-09-16 14:46:27 -05:00
xistence 0657fdbaa7 Replaced RPORT 2015-09-13 09:19:05 +07:00
xistence 521636a016 Small changes 2015-09-13 08:31:19 +07:00
xistence 79e3a7f84b Portmap amplification scanner 2015-09-12 16:25:06 +07:00
HD Moore 421fb4dcb8 Rework of the jenkins_command module 2015-09-04 16:56:44 -07:00
wchen-r7 5646f2e0c4 successful status should include last_attempted_at 2015-09-04 13:45:44 -05:00
HD Moore 04d622b69b Cleanup Jenkins-CI module titles and option descriptions 2015-09-04 10:25:51 -07:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
Alton Johnson 5d59e8190e Added OS detection. 2015-09-03 13:12:07 -05:00
HD Moore 6e4ae1238b
Land #5791, show the VHOST in module output 2015-09-03 11:36:19 -05:00
HD Moore b8eee4a9e4 Show the IP address if it doesn't match the VHOST 2015-09-03 11:35:38 -05:00
HD Moore 1b021464fe
Land #5919, remove deprecated VMware modules & update resource script. 2015-09-03 10:23:48 -05:00
altjx 4b8dc143ec Fixed output 2015-09-02 23:50:03 -04:00
altjx 255c8b63b3 Modified output 2015-09-02 23:33:06 -04:00
Alton Johnson 40176b9e3f Updated. 2015-09-02 19:36:18 -05:00
Alton Johnson f78f6d0a0c Updated. 2015-09-02 19:03:07 -05:00
HD Moore 9f9bbce034
Land #5840, add LLMNR & mDNS modules 2015-09-02 18:30:29 -05:00
HD Moore 0120e5c443 Cosmetic tweaks, don't report duplicate responses 2015-09-02 18:30:03 -05:00
Alton Johnson 59aa3975be Updated. 2015-09-02 18:27:44 -05:00
altjx 284edbe4b0 Update jenkins_command.rb 2015-09-02 16:47:23 -04:00
altjx bde4f40c53 Update jenkins_command.rb 2015-09-02 16:39:49 -04:00
altjx becc599aca Created Jenkins RCE module
This module simply automates the same procedures documented by Royce Davis at https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/.
2015-09-02 16:12:05 -04:00
HD Moore 126fc9881e Cleanup and tweaks 2015-09-02 12:48:53 -05:00
Jon Hart 3d04d53e3a
first pass at better output and report_service 2015-09-02 10:31:46 -07:00
JT b89b6b653a Update trace.rb 2015-09-03 01:26:45 +08:00
JT 73bf812dfd Update trace.rb
removed the cookie
2015-09-03 00:35:23 +08:00
JT 5ecee6aaba Update trace.rb
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT 34e0819a6e Modified the HTTP Trace Detection to XST Checker
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
Waqas Ali 8e993d7793 Remove deprecated vmware modules 2015-09-02 13:00:15 +05:00
wchen-r7 0c4b020089
Land #5913, Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-02 00:01:35 -05:00
HD Moore 381297ba93 Fix the regex flags 2015-09-01 23:07:48 -05:00
Roberto Soares 626704079d Changed output store_loot 2015-09-02 00:18:10 -03:00
Roberto Soares 96600a96ab Changed html parse by @wchen-r7 2015-09-01 22:03:21 -03:00
Alexander Salmin 3c72467b7d Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns. 2015-09-02 01:02:46 +02:00
Roberto Soares 35661d0182 Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-01 13:28:04 -03:00
Jon Hart cba3650488
report_service for mdns/llmnr query 2015-08-28 14:04:52 -07:00
wchen-r7 3d4cb06c67
Land #5807, Added Module WP Mobile Pack Vuln 2015-08-28 13:43:00 -05:00
wchen-r7 9e7f6d6500 Typos 2015-08-28 13:42:37 -05:00
wchen-r7 29e92aaabe
Land #5806, WordPress Subscribe Comments File Read Vuln 2015-08-28 11:52:59 -05:00
wchen-r7 62e6b23b4c Typo 2015-08-28 11:52:13 -05:00
jvazquez-r7 8785083722
Ensure disconnect 2015-08-24 12:36:15 -05:00